Did you know?
What? You might ask.
Small- and mid-sized companies working with large corporations could land in hot water should they find themselves caught in a web of a cyber breach. Cyberattacks are costing big businesses billions, and they’re learning cyberthieves are finding creative ways to infiltrate their networks.
Hackers now reach a big fish more easily by beginning their journeys through third-party vendors with small budgets and weak cybersecurity protection.
This tactic is labeled as “Island Hopping.” It originates from a World War II strategy used by the United States to take small islands on its way to gaining access to the bigger one.
Island Hopping is another cybersecurity burden placed on small businesses. More security insurance, better infrastructure and improved protection are essential should they want to maintain their relationships with large corporations. These partnerships serve as a lifeline. Severed ties would lead to less revenue and, perhaps, closed doors.
For example, Target Corporation’s data breach in 2013 affected more than 100 million individuals, who had their mailing addresses, names, email addresses, phone numbers, and credit- and debit-card account data exposed. The breach cost Target more than $100 million and delivered a blow to its reputation.
This security debacle originated through an HVAC company that served as a contractor for many Target locations. The HVAC firm had access to Target’s network, and cyberthieves used a malware email attack to Island Hop into Target’s system.
Home Depot, too, fell victim to Island Hopping. Attackers stole a third-party vendor’s username and password to enter the perimeter of Home Depot’s network. That allowed hackers to deploy malware into its self-checkout systems, which resulted in the exposure of more than 100 million customers’ personal information.
These large corporations paid hefty sums in fines and settlements over these breaches, but those sums were only a fraction of their annual revenues. Small businesses haven’t been so lucky. The response to reduce the risk of sizeable breaches has been to place the cost on small-business vendors.
Corporations have begun including language in their contractual agreements requiring vendors with whom they do business to maintain a minimum standard for their cybersecurity protection. And some have begun including indemnification language stating that any third party responsible for a breach will bear the cost of the attack.
Small businesses are left with few options other than to meet these requests, but it might not have to be so expensive. Better employee training and working with a managed services provider could work together to reduce the risk.
Apogee IT Services is an experienced managed service provider that can help lessen your vulnerabilities. We provide internal- and external-network scans to increase certainty in your protection.
Penetration testing could allow white-hat hackers to gauge how difficult it is to break into your system, and employee education could reduce self-inflicted wounds.
The weight of added fiscal responsibility might initially pose a challenge, but it should result in long-term readiness to accept large projects with better certainty.
So, protect your island, and don’t lose the keys to the castle. You likely never will return should the enemy find its way inside. Not to mention, you will be accountable for damages that could have been avoided.
Island hop with friends on cruise ships, not with your livelihood at the expense of cyberthieves, searching for a free ride to paradise.
Now you know.
To discuss security strategy, email Security Analyst Frank Verdecchia at email@example.com.
Apogee IT Services is a Managed Service Provider with offices in Pittsburgh, PA, Boston, MA, and Toronto, ON. Apogee provides Managed IT Services to more than 300 businesses across the Northeast with a focus on legal, manufacturing, financial services, non-profit, and many other industries. Technology services include hosted cloud services, proactive IT management, multi-layer security including data backup and disaster recovery, 24/7 monitoring and alerting, Help Desk and end-user support, network planning and design, and IT roadmapping, among others.